Iqonic Design Wpbookit vulnerabilities
5 known vulnerabilities affecting iqonic_design/wpbookit.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, MEDIUM 2
Vulnerabilities
CVE-2025-0357 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.6.9 | 2025-01-25
CVE-2025-0357 [CRITICAL] CWE-434
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote co
nvd
CVE-2024-10215 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.6.4 | 2025-01-09
CVE-2024-10215 [CRITICAL] CWE-639
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentia
nvd
CVE-2024-54280 | P3 | CRITICAL | CVSS 9.8 | ≤ 1.6.0 | 2024-12-16
CVE-2024-54280 [CRITICAL] CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection. This issue affects WPBookit: from n/a through <= 1.6.0.
nvd
CVE-2025-32254 | P4 | MEDIUM | CVSS 5.3 | ≤ 1.0.7 | 2025-04-04
CVE-2025-32254 [MEDIUM] CWE-862
Missing Authorization vulnerability in Iqonic Design WPBookit wpbookit allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPBookit: from n/a through <= 1.0.7.
nvd
CVE-2025-26910 | P4 | MEDIUM | CVSS 6.1 | ≤ 1.0.1 | 2025-03-10
CVE-2025-26910 [MEDIUM] CWE-352
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS. This issue affects WPBookit: from n/a through <= 1.0.1.
nvd